DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Spoofed MACs, unauthorised IPs, rogue Access Points???
29 Jun 2009 17:04 #56514
by 2blueuk
Hey,
I recently bought a Vigor 2820n for a small office network, largely using wireless devices, so as you can imagine when setting up the router and clients, security was my biggest concern (and my old BT Business Hub proved as useful as a frisbee in a wireless network environment).
I used MAC to IP Bind (strict mode) and made sure those very same MACs were used in ARP cache tables in my other WAPs.
Just noticed this morning I have three extra devices with the weirdest MAC addresses and although strict MAC to IP bind was done, these devices still managed to get IP addresses from the DHCP server.
Just to compare, if anyone else is having the same problems, the addresses are:
00:40:2B:4F:56:A5
E9:EB:B3:A6:DB:3C
4D:C8:43:BB:8B:A6
Now I have no doubt that these are fake but interestingly enough they all have the same host name 'detective'.
More interestingly, one of them had the exact same IP as my network printer (on wire) but I didn't detect any conflicts. Also you cannot ping any of the devices although you can see them in the DHCP table under diagnosis.
If I only use MAC to IP bind and turn the DHCP server off, would the computers still get the same IPs that were assigned to their MACs?
Any suggestions would be welcome. Because at this point all I can think is WTF???
29 Jun 2009 17:13 #56515
by anyoldname
A quick Google on one of the MAC addresses gives a clue...
Do you have a Windows Server 2003-based system or Windows Small Business Server 2003?
See:
http://support.microsoft.com/kb/945948
- ian
29 Jun 2009 17:49 #56516
by 2blueuk
Hmmm... actually I am running a few Windows 2003 systems, none that I recently configured and none that are DCs.
But one of the servers is running total network monitor using ICMP protocols, that might be why...
Thanks for the heads up dude.
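An added example, not part of any post in this thread and not DrayTek code: a small triage of a DHCP lease table against a MAC-to-IP bind list, checking the three things the first post noticed (odd MACs, a shared host name, an IP that belongs to another device). The three 'detective' MACs are the ones quoted in the first post; every IP, the other MACs and the table layouts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. Only the three "detective" MACs come from the first
# post; the IPs and the 00:00:5E:00:53:xx (documentation-range) MACs are invented.
BOUND = {  # hypothetical export of the router's MAC-to-IP bind list
    "00:00:5E:00:53:01": "192.168.1.20",  # wired network printer
    "00:00:5E:00:53:02": "192.168.1.31",  # office laptop
}
LEASES = [  # hypothetical (mac, ip, hostname) rows from the DHCP table
    ("00:00:5e:00:53:02", "192.168.1.31", "laptop-1"),
    ("00:40:2B:4F:56:A5", "192.168.1.20", "detective"),
    ("E9:EB:B3:A6:DB:3C", "192.168.1.40", "detective"),
    ("4D:C8:43:BB:8B:A6", "192.168.1.41", "detective"),
]

def mac_flags(mac):
    """Decode the two low-order flag bits of the first octet."""
    first = int(mac.split(":")[0], 16)
    flags = []
    if first & 0x01:  # I/G bit: group address, not valid as a frame's source
        flags.append("group-bit")
    if first & 0x02:  # U/L bit: locally administered, not a vendor-assigned OUI
        flags.append("locally-administered")
    return flags

def triage(leases, bound):
    """Return {mac: [reasons]} for every lease that deserves a closer look."""
    bound = {m.upper(): ip for m, ip in bound.items()}
    ip_owner = {ip: m for m, ip in bound.items()}
    macs_by_host = defaultdict(set)
    for mac, _, host in leases:
        macs_by_host[host.lower()].add(mac.upper())
    report = {}
    for mac, ip, host in leases:
        mac = mac.upper()
        reasons = mac_flags(mac)
        if mac not in bound:
            reasons.append("not-in-bind-table")
        if ip in ip_owner and ip_owner[ip] != mac:
            reasons.append("ip-bound-to-" + ip_owner[ip])
        if len(macs_by_host[host.lower()]) > 1:
            reasons.append("hostname-shared")
        if reasons:
            report[mac] = reasons
    return report

if __name__ == "__main__":
    for mac, reasons in triage(LEASES, BOUND).items():
        print(mac, ", ".join(reasons))
```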